Sql injection

2021-06-1712:15:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

49.9%

JSON

An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database information or administrative credentials from an instance via crafted monitor status responses.

CPENameOperatorVersion
connectwise_automatelt2021.5

CPE	Name	Operator	Version
	connectwise_automate	lt	2021.5

References

home.connectwise.com/securityBulletin/609a9dd75cb8450001e85369

www.connectwise.com/company/trust/security-bulletins

www.connectwise.com/platform/unified-management/automate